Category: Malware

Type: -

Aliases: Swamp


This is not a virus, bot a hoax which was originally distributed on the April Fools Day in 1996. Ignore it.


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Here's the original hoax:




A new extremely threatening virus has been discovered. Its key features are

  • it is a hardware based virus
  • it can be transmitted over any communications network
  • it does not require executable code to travel
  • it is a targetable virus i.e. the virus can be set to target a particular PC or group of PCs
  • it is immune to existing anti-virus software


This is a brief paper summarising what is known about the new virus. Techniques for preventing infection are proposed.

Virus Description

The new virus has become known as the Swamp Virus. Its official reference number is 01/0496.


The Swamp Virus is a hardware based virus. It attacks the internal hardware of the PC causing electrical problems. These in turn cause software problems rendering the PC completely unusable. In many cases the PC will become usable again once it has got over the .attack.; in others the PC is effectively destroyed.


The Swamp Virus can only be transmitted directly over the Internet or other communications network. It does not have to be executable code; it can be carried on any data stream whatsoever. It cannot be conducted from PC to PC via floppy disk.


It works by utilising TCP/IP, the communications and internetworking protocols, at a very low level. Indeed it is attached to data streams at the bit level.


Experts in many countries have been working on ways to improve the carrying capacity, or bandwidth, of existing networks using techniques such as multiplexing. Scientists from the Avril Institute in Bern, Switzerland, have developed a technique whereby a small number of molecules of various substances can be attached to data at the bit level. Their goal is to cease using the bit as a data item and to use it merely as a carrier for the data. The data is physically mapped onto the molecules using the protons and electrons, the neutrons and neutrinos being used for control information and parity checking. Use of this technique will expand the capacity of a network by the data capacity of the molecules. The data carrying capacity of the bit will depend on the size of the attached molecules. The only identified drawback with this development is that a high speed communications link is required. This is because the molecules must remain in a gaseous state to stay attached to the bit. To remain in this state they require the friction - and consequent heat - developed by the high speed link. As soon as the friction and heat are removed the molecules condense and lose their data carrying capacity as well as their attachment to the bit.


This technological advance has been seized upon by an Anarchist Hacker Group - the April I Group. They have stolen equipment from the Avril Institute and have been using it to attach water molecules in a gaseous form to the bit streams generated by TCP/IP when sending emails. As soon as the email is received by your PC it loses the friction from the high speed link and the water molecules condense within the data bus on the motherboard.

This causes electrical problems, and, in the case of large

emails, total destruction of the motherboard due to .swamping..


It is believed that the April I Hacker Group - are planning to flood the Internet with vast quantities of email messages during the early part of April with particular emphasis being placed on the 1st - the anniversary of the day their self-appointed leader was arrested and charged with breaking out of a secure Government computer system.


It is strongly recommended that you do not receive any email on that day. This will provide 100% protection for your PC. Unfortunately, however, it is thought that many of the hundreds of mail servers on the Internet may suffer damage as your email messages are held by them pending retrieval. As your messages will be held on disk, the absence of friction over the communications network will cause the water molecules to condense from their gaseous form, damaging the motherboards on the mail servers.

Emails received after this date will be quite safe as the attached water molecules will have already condensed from the email bit stream.

Further information can be obtained from Professor P. Ranque at the Avril Institute. Email